Vulnerability Assessment, also known as vulnerability analysis, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure. In addition, vulnerability analysis can forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are put into use.

Vulnerability Assessment consists of several steps:

Defining and classifying network or system resources

Assigning relative levels of importance to the resources

Identifying potential threats to each resource

Developing a strategy to deal with the most serious potential problems first

Defining and implementing ways to minimize the consequences if an attack occurs.